diff options
Diffstat (limited to 'views/default/output/tag.php')
-rw-r--r-- | views/default/output/tag.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/views/default/output/tag.php b/views/default/output/tag.php index 3c002a31b..6bd9a72a7 100644 --- a/views/default/output/tag.php +++ b/views/default/output/tag.php @@ -8,24 +8,25 @@ * */ +if (!empty($vars['type'])) { + $type = "&type=" . rawurlencode($vars['type']); +} else { + $type = ""; +} if (!empty($vars['subtype'])) { - $subtype = "&subtype=" . urlencode($vars['subtype']); + $subtype = "&subtype=" . rawurlencode($vars['subtype']); } else { $subtype = ""; } if (!empty($vars['object'])) { - $object = "&object=" . urlencode($vars['object']); + $object = "&object=" . rawurlencode($vars['object']); } else { $object = ""; } if (isset($vars['value'])) { - if (!empty($vars['type'])) { - $type = "&type={$vars['type']}"; - } else { - $type = ""; - } - $url = elgg_get_site_url() . 'search?q=' . urlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}"; + $url = elgg_get_site_url() . 'search?q=' . rawurlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}"; + $vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false); echo elgg_view('output/url', array( 'href' => $url, 'text' => $vars['value'], |